The case for a free market in IPv4 addresses

Microsoft's $7.5 million purchase of IPv4 addresses from a bankrupt Nortel …

As we run out of IPv4 address space, is it time to create an exchange for trading unused address blocks? Ars contributors Iljitsch van Beijnum and Timothy Lee tackle the issue. In this article, Tim explains why this is the way to go. You can read Iljitsch's take here.

Officially, the world ran out of IPv4 addresses earlier this year, when a final batch of addresses was divided among the five Regional Internet Registries. The authorities hope that declaring the IPv4 cupboards bare will push expanding networks into making the leap to IPv6, which has a 128-bit address space that's unlikely to ever be exhausted.

But the IPv6 transition is happening slowly, and expanding networks need more IPv4 addresses now. This need is especially acute in Asia, where rapidly growing economies and huge populations have created demand for tens of millions of new addresses each year.

Fortunately, the exhaustion of IPv4 addresses is greatly exaggerated. There are still a lot of unused and underused IP addresses in the hands of various private organizations. All that is needed is an incentive for them to part with their unused addresses voluntarily. In other words, what's needed is a market in IP addresses.

Three sizes fit all

In the early days of the Internet, blocks of IP addresses were available in only three sizes. There were "class A" blocks containing 16 million IP addresses, "class B" blocks containing 65 thousand addresses, and "class C" blocks containing 256 addresses. That meant an organization that needed 400 IP addresses often got tens of thousands of free IP addresses it didn't need.

And some organizations got even more. Ford, Merck, Xerox, Halliburton, and nearly a dozen other companies not primarily in the networking business were each given a Class A block of 16 million addresses. MIT also got a Class A block, and the UK government got two of them. The US government claimed about a dozen Class A blocks, giving it control of nearly 200 million addresses—more IP addresses than all of Latin America has today.

As people realized that the supply of addresses wouldn't last forever, a switch was made to a "classless" system that could allocate address blocks in any size that was a power of two. Under the new scheme, an organization needing 400 addresses would get a block of 512 addresses rather than 65 thousand.

But the Internet Assigned Numbers Authority, the organization that oversees the allocation of IP addresses, hasn't tried to reclaim the large blocks that were granted in the Internet's early years. Indeed, it's not clear it has the authority to do so. So Xerox, Ford, and MIT still have millions of addresses they almost certainly don't need.

IPs for sale

Obviously, Ford is unlikely to relinquish its IP addresses out of the goodness of its heart. Even if the company were confident that it would never need them and couldn't sell them, the renumbering process would be a headache. For example, the company would need to audit all of its firewalls to check for hard-coded addresses. But Ford probably would be willing to renumber its network and relinquish its unused addresses for the right price.

The obvious solution is for networks that need more IP addresses to buy them from organizations that have more than they need. Indeed, this process has already started. Earlier this year, Microsoft paid $7.5 million for two-thirds of a million IP addresses that were previously held by a bankrupt Nortel, suggesting that the going rate for an IP address is around $10.

A market in IP addresses will significantly extend the useful life of the IPv4 address space. Rising prices encourage firms to economize, and this principle applies to IP addresses as much as to any other scarce resource. So far, firms have been using IP addresses wastefully because they've been able to get new ones for free. Now that's no longer true, and firms will have to think harder about whether they're using their supply of IP addresses efficiently.

So what's the problem? The American Registry for Internet Numbers, the non-profit organization that has traditionally handed out IP addresses to North American ISPs, has resisted the emergence of a market for IP addresses—at least one it doesn't control. The organization insists that IP addresses are not property and that address blocks can only be transferred with its approval. ARIN's policy is to only approve transfers to organizations that ARIN believes "need" the IP addresses. ARIN president John Curran tells Ars that ARIN's policies were "developed by the Internet community."

The Nortel sale nominally occurred under the auspices of ARIN, but as Milton Mueller points out, ARIN seems to have signed on at the last minute as a face-saving measure. The parties to the transaction don't appear to have undergone the vetting process required by ARIN's specified transfer policy, and there's no evidence that ARIN conducted an assessment of whether Microsoft "needed" the addresses.

Indeed, the sale makes clear that, despite ARIN's protests to the contrary, IP address assignments are de facto property rights. ARIN's website states that ARIN "will not reclaim unutilized address space from legacy holders who sign this RSA, nor will ARIN attempt to take away legacy resources from organizations who choose not to sign it." In other words, legacy address holders (e.g. those who got IP address assignments under the pre-ICANN system) are entitled to keep their IP addresses for as long as they want. And the Nortel transaction suggests they're free to transfer them to whomever they choose, regardless of a needs assessment by ARIN. That sounds a lot like property rights.

In July, ARIN board member Paul Vixie penned an op-ed for ACM complaining about companies seeking to create private alternatives to ARIN's official whois database. The piece seems to have been a thinly veiled attack on the company that brokered the Nortel/Microsoft deal. Vixie is right that it would be bad to have multiple whois databases with conflicting information in them. But the solution isn't to give ARIN the power to block transactions it doesn't approve of. It's for ARIN to take on the more limited role of faithfully recording transactions that take place, regardless of who brokers them. In other words, ARIN should support a open market in IP addresses rather than trying to maintain control over the allocation of IP addresses.

The threat of fragmentation

Critics of IP address markets raise three major objections. First, they worry that IP address trading will lead to a fragmentation of the IP address space, cluttering up routing tables. If organizations can easily sell off unused IP addresses, they might be tempted to break up a single large address block into several smaller blocks and sell off the pieces they don't need. If that happened too often, it would strain the capacity of routers in the Internet's core.

This is a legitimate worry, and registries can play a valuable role in combatting this kind of unnecessary fragmentation of the address space. But if the problem is the fragmentation of the address space, then registries should focus on that problem. In particular, they should automatically approve any transfer of an intact IP block from one party to another, without inquiring about whether the recipient "needs" the addresses.

More to the point, if a liquid market for IP blocks existed, it would become much easier to match organizations to IP address blocks that met their needs. A growing organization should trade in its existing small block for a larger one rather than trying to hold several non-contiguous blocks. And an organization looking to downsize should trade in its large block for smaller ones rather than breaking up their existing blocks into smaller pieces. Bureaucratic restrictions on transferring IP address blocks make it harder to perform these kinds of mutually beneficial transactions.

Opponents also worry that the emergence of a market for IPv4 addresses would reduce the urgency of the IPv6 transition. That's probably true, but it's not a reason to oppose it. If people can get more mileage out of the existing IPv4 address space, registrars shouldn't stand in their way. People are still free to switch to IPv6 at any time.

Are IP address markets unfair?

Critics of selling IP addresses on the open market worry about the egalitarian implications of asking relatively poor countries like India to pay millions of dollars to rich countries like the United States for additional IP addresses. But this objection gets the issue precisely backwards. Obviously, it would be nice if Indian ISPs could take a time machine back to 1993 and ask Jon Postel to reserve a larger share of the millions of IP addresses he was doling out back then. But that ship has sailed. Nothing the IANA does now is going to get Indian ISPs millions of new IP addresses for free.

So the alternative to Indian ISPs paying Westerners for IP addresses isn't that they get them for free. It's that they don't get them at all. No one is arguing that Indian ISPs should be forced to buy IPv4 addresses. If they can go straight to IPv6, more power to them. But it would be paternalistic to try to block Indians from buying IPv4 addresses if they think that's in their interest.

A market for IPv4 addresses is coming with or without the assistance of the official registries. The economic forces are too strong to resist. If the registries embrace the trend now, they can build the infrastructure needed for an orderly transition to a market-based regime. On the other hand, if they fight the trend, it will simply push the transactions underground, rendering the official whois database useless. In the long run, it may also render the registries themselves irrelevant, as their functions are taken over by private firms that are willing to merely record transfers rather than trying to control them.

100 Reader Comments

Are you implicitly suggesting that (a) some/many of the non-ISPs that are now holding idle IPv4 are run by idiots, altruists, and/or true Internet idealists who would be willing to forego significant windfalls in order to incrementally reduce the odds/forestall the moment that the Internet becomes a closed cartel? ...

Wellll, I am skeptical that ISPs will outbid everyone else (content providers) for IPv4. At some point NAT44 becomes cheaper than buying addresses, and customers can only be gouged so much. Conspiracy theories generally aren't good business.

I believe anyone arguing over whether IPv6 is a good idea is not really looking at how the Internet is growing on a world scale and also ignoring the fact that the train that is IPv6 has already started it's journey and it is only a matter of time before it gets to you.

As to the issue of home routers, then that is a real issue, but one that need not be one. Like the DTV transition, I believe governments should be mandating that all new IP aware hardware should have IPv6 capability or have a free upgrade solution to IPv6 from the manufacturer. Beyond feet dragging, there isn't much reason to get new hardware that only does IPv4.

The DTV issue was driven by a military desire to use the analog TV portion of the bandwidth, if I'm not mistaken. And what the U.S. military wants, the U.S. military gets; even in a debt crisis.

Great point! That also explains why OPEC is so successful at propping up the price of oil! Oh wait, they actually aren't. The factor you are missing is that while it may be rational for any individual IPv4 holder to maximize the value of IPv4 by constraining the supply of IPv6, it is ALSO rational for any individual IPv4 holder to exploit the high price of IPv4 addresses by undercutting with IPv6. It's your basic prisoner's dilemma. Defection is a strictly dominant strategy.[/quote]

Touche! Oh wait, IPv4 is not at all like oil, because unlike with oil there is exactly zero recurring production over time, and unlike with oil there is exactly zero uncertainty about the absolute level and/or distribution of global supply, and unlike with oil there is exactly zero storage/spoilage costs for holding out for the price you want… Oh, and unlike oil, there is no other current or foreseeable substitute for which pricing is not also indirectly but strongly determined by Ov4EC members.

But by all means, you play the game your way; you are sure to dominate forever, from you cell in solitary.

Joining the IPv6 internet is relatively trivial as long as your home router supports it. .

But isn't that the really big problem here? Tens of millions (hundreds of millions?) of home and business routers, cable modems and DSL modems currently in use that don't support IPv6. And these items are still in production and still being sold in your local Best Buy or other similar shady electronics shop.

I looked into upgrading my router to a IPv6 capable one. I found two- Apple's or a brand new NetGear.

IPv6 is a long way off, and in fact, I'd vote to scrap it and just extend IPv4 to IPv5, by adding two more octets, and leaving everything else the same.

That would never work... Or more to the point, it would work but result in the same hassle to change from IPv4 to IPv6. IPv4 devices still wouldn't be able to talk to the "IPv5" devices.

How about convincing every university that was given class b's to give back about 90% of their addresses and switch to NAT where possible. I worked for a university that finally moved their Printers to a 10.X network but why the hell does every workstation need a public IP especially when many of the depts have 10 dollar an hour IT guys that dont know squat about how to secure or manage hundreds of clients at once. When I took over almost every computer there was infected with something.. it was flat out horrible switching to NAT IPs of course doesnt fix that but it sure doesnt hurt when the firewall was poorly configured and sometimes still had rules for servers etc that used to use that ip and had a public service... it was just sad.

every time i read about this ip4to6 issue i keep wondering what happened to the idea of mapping every ip4 as a subset of ip6 and rock on from there.

That's been done but it doesn't handle what IPv4 source address the system you are connecting to with your IPv6 client sees. That has to be handled with a NAT to an IPv4 public address which is what NAT64/DNS64 does for example. That proposal works by magically translating DNS responses and replacing IPv4 addresses with the IPv6 mapped addresses while running an IPv6 -> IPv4 NAT gateway that ultimately has public IPv4 addresses. This runs into all the same problems as carrier grade NAT, plus problems with protocols which use addresses from anywhere other than DNS, such as from within the protocol's data stream.

Services like SixXS or Hurricane Electric's Tunnel Broker program makes things relatively easy for people that have any understanding of networking. If you can't figure out how to get access to IPv6 internet and you consider yourself 'technically savvy'... you are lying to yourself about the 'savvy' part.

When I went that route, the "only" hickup was the crippled DSL modems. The Speedstream AT&T gave me doesn't route IPv6, the newer modems available at the local Fry's had a bunch of other problems, e.g., not responding to the ping that HE sends out when you configure the tunnel...At least the 2Wire modem that AT&T's UVerse uses works fine with the tunnel.So, setting up the software for IPv6 is easy, the crippleware that is out there is the problem.

@apple4ever: I have no idea whether you were trolling or simply misunderstanding why your 'IPv5' suggestion of 'two more bits' is too late and worse than IPv6. I am going to treat it as the latter:

All IPv4 based solutions assume an address is 32-bits. There is no magic flag to address size and even if there was, no system has been designed to expect anything else.

With IPv6, it was accepted that since any expansion to the address space was going to break everything anyhow, we might as well add enough bits that we won't have to deal with this mess again for at least as many years as we can imagine.

The other point is that the IPv6 train has already been specified and has started it's slow acceleration. Stopping it now would be not make any more sense than stopping the year 2000 moving in.

@apple4ever: I have no idea whether you were trolling or simply misunderstanding why your 'IPv5' suggestion of 'two more bits' is too late and worse than IPv6. I am going to treat it as the latter:

All IPv4 based solutions assume an address is 32-bits. There is no magic flag to address size and even if there was, no system has been designed to expect anything else.

With IPv6, it was accepted that since any expansion to the address space was going to break everything anyhow, we might as well add enough bits that we won't have to deal with this mess again for at least as many years as we can imagine.

The other point is that the IPv6 train has already been specified and has started it's slow acceleration. Stopping it now would be not make any more sense than stopping the year 2000 moving in.

@apple4ever: I have no idea whether you were trolling or simply misunderstanding why your 'IPv5' suggestion of 'two more bits' is too late and worse than IPv6. I am going to treat it as the latter:

All IPv4 based solutions assume an address is 32-bits. There is no magic flag to address size and even if there was, no system has been designed to expect anything else.

With IPv6, it was accepted that since any expansion to the address space was going to break everything anyhow, we might as well add enough bits that we won't have to deal with this mess again for at least as many years as we can imagine.

The other point is that the IPv6 train has already been specified and has started it's slow acceleration. Stopping it now would be not make any more sense than stopping the year 2000 moving in.

Are you implicitly suggesting that (a) some/many of the non-ISPs that are now holding idle IPv4 are run by idiots, altruists, and/or true Internet idealists who would be willing to forego significant windfalls in order to incrementally reduce the odds/forestall the moment that the Internet becomes a closed cartel? ...

Wellll, I am skeptical that ISPs will outbid everyone else (content providers) for IPv4. At some point NAT44 becomes cheaper than buying addresses, and customers can only be gouged so much. Conspiracy theories generally aren't good business.

It's not clear to me what point you're trying to make by introducing these distinctions. One day, probably sooner rather than later, all of the members of the set that encompasses both "ISPs" and "content providers" will face a mix of incentives that will overwhelmingly favor "hold/lease IPv4." The next day, just like all the days that come before, somewhere around the world one or more unusually clever and/or lucky people are going to independently come up with some completely novel and potentially very valuable contribution to make to the Internet. However, unlike in all the days that came before, the only way that any of those unique and valuable contributions will ever see the light of day will be if those aspiring entrepreneurs succeed in securing the permission/patronage of one or more members of the set described previously, on whatever terms that they happen to be willing to accept on that particular day. Unless people everywhere suddenly run out of good ideas on or about the same day that IPv4 runs out, the cumulating frictions, resentment, and absolute value loss that will follow are likely to produce unhappy times for all parties involved. NAT44 won't prevent, forestall, or mitigate this outcome in anyway; NAT44 will be a corollary and contributor to the unhappy times.

And for the record, I am not describing a conspiracy theory, not do I anticipate that any conspiracy will actually take place. No conspiracy is necessary. I am describing the individual-level incentives of "rational" and reasonably well-informed surplus IPv4 holders. I am not even attributing any particularly "malign" intent to anyone. In all likelihood, many of the people who will act exactly as described will do so quite reluctantly -- because that's the price of competitive survival as long as the future of IPv6 remains uncertain. This dynamic is what economists call "adverse selection" -- or what monetary economists sometimes refer to as "Gresham's Law." Bottom line: sometimes it doesn't take a conspiracy, or even a single bad guy, to produce an unhappy ending.

Most ISP users don't need public IPs. I expect we'll see more and more NATing happening, especially since that will give the ISPs additional control over how users engage w/ the internet.

VoIP/Blizzard Games/EA Games/PS3/xBox360 and many other programs and devices will not work without a public IP address. You think they work behind a NAT because of uPNP transparently forwarding ports, but they will break behind a Carrier NAT.

There is also the fun fact that ISPs for broadband connections are by law obligated to log which IP addresses are assigned to which account at which times. If they use carrier grade NAT, they will suddenly need to log which Port+IP is attached to which account. You suddenly go from 1 log per account per week/month to 1+ logs per customer every second. Have fun with that bloat.

My VoIP provider works just fine with NAT as my ATA talks back to their softswitch, likewise my XBOX 360 works fine including XBOX Live. I have uPnP disabled on my firewall as it's possible the worst protocol in history when it comes to security. Now, that doesn't mean that they will work with carrier grade NAT as double NAT breaks plenty of things that work with a single NAT.

As to consumer devices that support IPv6, more are coming on the market all the time. One of the biggest hurdles to adoption (at least in the US) was that DOCSIS 2 made it difficult for providers to do dual stack, DOCSIS 3 makes it easy and so you've seen many more pilots as the cable companies have upgraded their networks over the last 18 months or so. Now that the networks are capable and carrier grade NAT is on the horizon I think you will see most of the SoHo add support to their products, the Linux kernel they are using these days supports it as do most of the low level configuration tools behind their web GUI's so it's not that much effort for them to add it.

And for the record, I am not describing a conspiracy theory, not do I anticipate that any conspiracy will actually take place. No conspiracy is necessary. I am describing the individual-level incentives of "rational" and reasonably well-informed surplus IPv4 holders.

But you are describing a conspiracy, you are exactly describing a cartel. Cartels almost always fail because the dominant strategy of every cartel member is to undermine the cartel. The IPv4 holders can only maintain the high value of IPv4 addresses collectively, but each IPv6 vendor could undermine that value independently. The expected behavior, therefore, would be for each IPv6 vendor to maximize *profit* by cannibalizing IPv4 value - a collective asset - in favor if IPv6 *profit* - a private asset. Whether it's oil or diamonds or network addresses, the basic economic incentives are pretty much the same.

Services like SixXS or Hurricane Electric's Tunnel Broker program makes things relatively easy for people that have any understanding of networking. If you can't figure out how to get access to IPv6 internet and you consider yourself 'technically savvy'... you are lying to yourself about the 'savvy' part.

When I went that route, the "only" hickup was the crippled DSL modems. The Speedstream AT&T gave me doesn't route IPv6, the newer modems available at the local Fry's had a bunch of other problems, e.g., not responding to the ping that HE sends out when you configure the tunnel...At least the 2Wire modem that AT&T's UVerse uses works fine with the tunnel.So, setting up the software for IPv6 is easy, the crippleware that is out there is the problem.

...The longer the current IPv4-based Internet remains overwhelmingly inaccessible to pure IPv6-based entrants, the higher the sale (or much more likely, lease) price of IPv4 is likely to climb -- and the longer IPv4 rents continue to rise and/or to remain stable at levels well above initial allocation prices, the less "economically rational" it would be for IPv4 holders to ever voluntarily give up that absolutely unassailable and eternal commercial advantage.

Great point! That also explains why OPEC is so successful at propping up the price of oil! Oh wait, they actually aren't. The factor you are missing is that while it may be rational for any individual IPv4 holder to maximize the value of IPv4 by constraining the supply of IPv6, it is ALSO rational for any individual IPv4 holder to exploit the high price of IPv4 addresses by undercutting with IPv6. It's your basic prisoner's dilemma. Defection is a strictly dominant strategy.

Touche!! Oh wait, IPv4 is not at all like oil, because unlike with oil there is exactly zero recurring production over time, and unlike with oil there is exactly zero uncertainty about the absolute level and/or distribution of global supply, and unlike with oil there is exactly zero storage/spoilage costs for holding out for the price you want… Oh, and unlike oil, there is no other current or foreseeable substitute for which pricing is not also indirectly but strongly determined by Ov4EC members.

But by all means, you play the game your way; you are sure to dominate forever, from you cell in solitary.

Services like SixXS or Hurricane Electric's Tunnel Broker program makes things relatively easy for people that have any understanding of networking. If you can't figure out how to get access to IPv6 internet and you consider yourself 'technically savvy'... you are lying to yourself about the 'savvy' part.

When I went that route, the "only" hickup was the crippled DSL modems. The Speedstream AT&T gave me doesn't route IPv6, the newer modems available at the local Fry's had a bunch of other problems, e.g., not responding to the ping that HE sends out when you configure the tunnel...At least the 2Wire modem that AT&T's UVerse uses works fine with the tunnel.So, setting up the software for IPv6 is easy, the crippleware that is out there is the problem.

Given all the wasted IP's, together with NAT workarounds, I think we're going to be on IPv4 for a long time. Also consider the fact that IPv4 gives a lot of power upstream, whereas IPv6 gives everyone their own IP, and thus their own "land" on the internet. IPv6 is freedom. Our government will actually resist moving to IPv6, even though it will take at least that, if not some kind of popular uprising, to make the move. What will finally convince them, will be the individual accountability that IPv6 gives, once there are at least 3 NATs between any 2 points on the Internet.

I predict we are almost completely IPv4 for the next 20 years. And when they finally do switch it will be known as "The Year the Internet was Broken".

And for the record, I am not describing a conspiracy theory, not do I anticipate that any conspiracy will actually take place. No conspiracy is necessary. I am describing the individual-level incentives of "rational" and reasonably well-informed surplus IPv4 holders.

But you are describing a conspiracy, you are exactly describing a cartel. Cartels almost always fail because the dominant strategy of every cartel member is to undermine the cartel. The IPv4 holders can only maintain the high value of IPv4 addresses collectively, but each IPv6 vendor could undermine that value independently. The expected behavior, therefore, would be for each IPv6 vendor to maximize *profit* by cannibalizing IPv4 value - a collective asset - in favor if IPv6 *profit* - a private asset. Whether it's oil or diamonds or network addresses, the basic economic incentives are pretty much the same.

I have consulted with the judges, and they are all ready to present you with your copy of "The Networking Game: The Deluxe Home Version," along with your subscription to the Jelly of Month Club consolation prize. However, I'd like to give you one more shot at the jackpot. For all of the marbles, please fill in all of the blanks in the following sentence:

"In order to be successful as an 'IPv6 vendor' in an overwhelmingly IPv4-centric world, a network operator with need either a large reserve of __________, or alternately a similarly large supply of __________, or both."

Bonus prizes will be awarded if you can also successfully identify where and how the aspiring IPv6 vendor will get them!

Services like SixXS or Hurricane Electric's Tunnel Broker program makes things relatively easy for people that have any understanding of networking. If you can't figure out how to get access to IPv6 internet and you consider yourself 'technically savvy'... you are lying to yourself about the 'savvy' part.

When I went that route, the "only" hickup was the crippled DSL modems. The Speedstream AT&T gave me doesn't route IPv6, the newer modems available at the local Fry's had a bunch of other problems, e.g., not responding to the ping that HE sends out when you configure the tunnel...At least the 2Wire modem that AT&T's UVerse uses works fine with the tunnel.So, setting up the software for IPv6 is easy, the crippleware that is out there is the problem.

... the same parties who will be the unilateral price-makers in all IPv4 market transactions will also, simultaneously, be collectively dictating the overall, "fully loaded" price (or price/value) for the only possible alternative to IPv4, i.e., IPv6 addresses. IPv4 address holders will determine the latter by exercising their absolute prerogative to choose the timing, extent, and technical particulars of their own IPv6 adoption efforts...

That may not be likely; consider that many of the companies holding unused IPv4 addresses are not ISPs and thus have no such conflict of interest.

Are you implicitly suggesting that (a) some/many of the non-ISPs that are now holding idle IPv4 are run by idiots, altruists, and/or true Internet idealists who would be willing to forego significant windfalls in order to incrementally reduce the odds/forestall the moment that the Internet becomes a closed cartel? Are you also tacitly implying that (b) most/all of the companies who purchase those addresses from (a) will also...

<blockquote>In July, ARIN board member Paul Vixie penned an op-ed for ACM complaining about companies seeking to create private alternatives to ARIN's official whois database. The piece seems to have been a thinly veiled attack on the company that brokered the Nortel/Microsoft deal. Vixie is right that it would be bad to have multiple whois databases with conflicting information in them. But the solution isn't to give ARIN the power to block transactions it doesn't approve of. It's for ARIN to take on the more limited role of faithfully recording transactions that take place, regardless of who brokers them. In other words, ARIN should support a open market in IP addresses rather than trying to maintain control over the allocation of IP addresses.</blockquote>

I think you've misunderstood ARIN's position. ARIN has a designated transfer policy which allows for private trading in IPv4 number resources. Potential sellers and buyers (and even brokers) can register with ARIN to use our listing service, or they can meet up by way of e-Bay. When it's time to consummate a transaction and register the resources under the buyer's name, ARIN has a process for that. We did this to ensure that IPv4 number resources would be maximally utilized and so that the Whois records would remain accurate -- because this is what the ARIN community decided via the public policy process. Some have criticized ARIN's transfer policy because it requires that the buyer demonstrate a short term need for the number resources they are receiving, but the ARIN community chose to prevent its transfer policy being used for hoarding and speculation so those complains might be coming from potential hoarders and speculators.

Of greater interest to me is the question: <em>and then what?</em> That is, let's imagine that ARIN's transfer policy becomes widely used and all IPv4 number resources reach what the economists call their "highest and best use". Would we simply stop growing the internet at that point? Or would the value of these number resources continue to increase, with people who can renumber into NAT clouds gradually and forever doing that in order to free up address space for those whose network growth is not compatible with NAT? To me that's an unattractive future because we'll all be spending out time and energy learning how to traverse multilayer NAT. So to me the need for a global transition to IPv6 remains inevitable no matter what happens in the IPv4 number resources market. IPv4 is just too small no matter how efficiently the world learns to use it. Perhaps some investors (and perhaps some speculators) would be well served by lengthening the lifetime of IPv4 by a few more years, but the bigger the IPv4 network gets the harder it will be to pull it through the knothole of the IPv6 transition.

In summary, ARIN has a transfer policy and ARIN stands ready to record the results of private party transactions in IPv4 numbering resources. But the real game in the long run is deploying IPv6, not adding a few years of life or a lot of layers of NAT to the IPv4 network.

1. Cell phones that need ips like crazy. 2. ISPs that need IPs for every website because of how SSL functions.3. Cable companies that need ips like crazy.

If you eliminate these needs then NAT does most of the work and you only need a physical public address for a computer/os and no others. And better yet, you don't even need that for cell phones and isps.

#2 should be fixed with an update to SSL that allows SSLed sites to share IPs like non-SSLed sites can. (with different certs, I know you can do it with wildcards etc.)

#1 and #3 are the same issue really. The "simple" solution is IPV6 in the infrastructure and a form of NAT from IPv4 to V6 that maps appropriately and doesn't firewall etc. Most people aren't allowed to host servers anyhow on their ISPs and cell phones so initiating requests through the NAT doesn't matter.

The most interesting part about this "article" is that Timothy Lee wrote it without speaking with us at ARIN (despite mentioning ARIN 18 times in the article...) I'll try to be brief in corrections:

First, ARIN doesn't "resist" a market in IP addresses. ARIN implements the policies developed by the Internet community in the region - anyone can participate in the process via mailing list and online remote participation at no cost. So, if you don't like the policies, it's best to go to www.arin.net/participate and make yourself heard. In the case of being able to monetize IP addresses, ARIN has actually adopted policies which allow exactly that: via the Specified Transfer policy, a party may transfer addresses it doesn't need to a party which does need them. This policy was developed by the community and adopted so that little used IP address blocks won't remain unused, but will instead be put to productive use. If you go to ARIN's website (www.arin.net), you will see buttons that say "Got IPv4 Addresses?", "Need More IPv4 Addresses?", and "Facilitating an IPv4 Transfer?" ARIN is doing everything possible to make the transfer process easy.

Second, the suggestion that "they're free to transfer them to whomever they choose, regardless of a needs assessment by ARIN" disregards the fact that a needs-assessment was performed, and that the actual sale order that was approved by the judge was actually modified to reflect ARIN's role as the registry and to require an agreement with ARIN.

ARIN doesn't support or oppose a "open" market; it simply executes the community-developed policies. As such, we cannot set aside the policy of requiring actual need to receive addresses than we can any other policy.

If you happen to be nascent speculator to the IPv4 address market, the requirement to actually needing the addresses for network infrastructure may seem unfair, but it is what the community decided. The requirement that network operators must need address space in order to receive it actually quite similar to how IPv4 address space has been handed out for decades, and Internet service providers are quite familiar with the process of qualifying to receive it.

Tim - If you actually want an interview for your next foray into this area, feel free to contact me: jcurran@arin.net (alternatively, just ask Iljitsch; he knows what he's talking about here... :-)

Moreover, replacing the routers/modems of end users is not as a big a deal as you guys make it out to be. The vast majority of end users simply use whatever router/modem their ISP provides/rents/sells to them. There's no reason these same ISPs couldn't buy a bunch of IPv6 routers in bulk

I disagree, all the back-end routers are already replaced with ones that can handle IPv6 - either through firmware or through the usual replacement and purchase of new kit.

The big, big problem is the end-used. If you think we can all replace our routers with new ones (which is fine - just tell the end-user that the new ones are faster, or "2 better" then we'll end up buying them) then put your fingers where your mouth is and give me a list, that does not include the Apple Airport. I've looked around, I can't find many ADSL routers at all, and I certainly can't find any cheapo ones that do IPv6. You'd think the manufacturers would be falling over themselves to make and sell them to us.

Oh, he probably worries that without NAT every hacker in the world will be able to attack his toaster.

IPv6 does not need or want NAT, but firewalls work just as well as they have always done. If you could trust your NAT router to not forward hostile packets addressed to port 5518 (the last port your toaster used) to the toaster, then you can trust the IPv6 router to not forward hostile packets addressed to 2001:1234:4567::33.

I am ARIN's CEO, but I've also done software development, written code for 4.3 bsd, configured some of the earliest routers, and run a couple of nationwide ISPs as well as a hosting company. I read Ars Technica, xkcd, and slashdot on occasion (although you would probably do well to keep me away from your systems and routers at this point. :-)

The most interesting part about this "article" is that Timothy Lee wrote it without speaking with us at ARIN (despite mentioning ARIN 18 times in the article...) I'll try to be brief in corrections

I didn't speak to you on the phone, but I did send you an email asking for comment and the result was reflected in the story when I wrote "ARIN president John Curran tells Ars that ARIN's policies were 'developed by the Internet community.'"

Most of your "corrections" don't seem to actually contradict anything I wrote. I understand that ARIN's policies are set via a community process, and I mentioned that in my story. But that doesn't make the policies immune to criticism.

It seems a improbable a creation of a altenative to whois. It suffer from the same network effects of the ipv6 transition (despite being easier to implement) and governments can create laws to prevent it.

And for the record, I am not describing a conspiracy theory, not do I anticipate that any conspiracy will actually take place. No conspiracy is necessary. I am describing the individual-level incentives of "rational" and reasonably well-informed surplus IPv4 holders.

But you are describing a conspiracy, you are exactly describing a cartel. Cartels almost always fail because the dominant strategy of every cartel member is to undermine the cartel. The IPv4 holders can only maintain the high value of IPv4 addresses collectively, but each IPv6 vendor could undermine that value independently. The expected behavior, therefore, would be for each IPv6 vendor to maximize *profit* by cannibalizing IPv4 value - a collective asset - in favor if IPv6 *profit* - a private asset. Whether it's oil or diamonds or network addresses, the basic economic incentives are pretty much the same.

I have consulted with the judges, and they are all ready to present you with your copy of "The Networking Game: The Deluxe Home Version," along with your subscription to the Jelly of Month Club consolation prize. However, I'd like to give you one more shot at the jackpot. For all of the marbles, please fill in all of the blanks in the following sentence:

"In order to be successful as an 'IPv6 vendor' in an overwhelmingly IPv4-centric world, a network operator with need either a large reserve of __________, or alternately a similarly large supply of __________, or both."

Bonus prizes will be awarded if you can also successfully identify where and how the aspiring IPv6 vendor will get them!

I didn't speak to you on the phone, but I did send you an email asking for comment and the result was reflected in the story when I wrote "ARIN president John Curran tells Ars that ARIN's policies were 'developed by the Internet community.'"Most of your "corrections" don't seem to actually contradict anything I wrote. I understand that ARIN's policies are set via a community process, and I mentioned that in my story. But that doesn't make the policies immune to criticism.

Tim -

Of course not... It would, however, have been nice to speak with you regarding the incorrect assertions on the court case, and in the ARIN's position on markets for IPv4, and on why transfers to parties who actually intend to use them is important. Since you only sent two sentences, it's fairly hard for us at ARIN to know that you intended on copying inaccurate assertions of others regarding IP addresses and property rights. For example, ARIN acknowledges that there are many rights that apply to IP addresses, including the ability to make unique use of them and the ability to transfer them. One must also realize that the Internet community has rights with respect to the very same address blocks, such as the ability to see the block and registrant publicly in Whois. It is the community-developed policies that govern how these rights interact, including the ability of a party to transfer their "rights to use an address block" to another. This actually is made very clear in the court documents, which it does not appear that you had time to review.

It's interesting that you quote Jon Postel, as he was instrumental in founding ARIN and on our initial Board as an ex-officio Board member. Jon was one of the authors of RFC 2050 which documents the rules for the Internet registries, and it notes that:

Quote:

"The transfer of IP addresses from one party to another must be approved by the regional registries. The party trying to obtain the IP address must meet the same criteria as if they were requesting an IP address directly from the IR."

As the person that made the earliest address allocations, Jon wanted to see the address space go to those who actually needed it. This isn't a surprise to anyone who received those early allocations.

Today, there is a market in IPv4 address space based on the policies approved by the community, which includes address space transfers to those who are actually going to use it. I can't seem to find anyplace in your article where you discuss why this existing market approach doesn't provide all of the benefits you associate with a "free market". In fact, most of your article presumes seems to presume that there is no market at all and that the registries are fighting creation of an IPv4 market, when the actual truth is that we've adopted policies precisely to enable market transfers. If you want to criticize the community-developed address policies in public discourse, then let's first take the time to accurately reflect them in your article.

And for the record, I am not describing a conspiracy theory, not do I anticipate that any conspiracy will actually take place. No conspiracy is necessary. I am describing the individual-level incentives of "rational" and reasonably well-informed surplus IPv4 holders.

But you are describing a conspiracy, you are exactly describing a cartel. Cartels almost always fail because the dominant strategy of every cartel member is to undermine the cartel. The IPv4 holders can only maintain the high value of IPv4 addresses collectively, but each IPv6 vendor could undermine that value independently. The expected behavior, therefore, would be for each IPv6 vendor to maximize *profit* by cannibalizing IPv4 value - a collective asset - in favor if IPv6 *profit* - a private asset. Whether it's oil or diamonds or network addresses, the basic economic incentives are pretty much the same.

I have consulted with the judges, and they are all ready to present you with your copy of "The Networking Game: The Deluxe Home Version," along with your subscription to the Jelly of Month Club consolation prize. However, I'd like to give you one more shot at the jackpot. For all of the marbles, please fill in all of the blanks in the following sentence:

"In order to be successful as an 'IPv6 vendor' in an overwhelmingly IPv4-centric world, a network operator with need either a large reserve of __________, or alternately a similarly large supply of __________, or both."

Bonus prizes will be awarded if you can also successfully identify where and how the aspiring IPv6 vendor will get them!

You see, I was being intentionally nonresponsive, in order to gauge whether your grasp of the technical particulars of the situation under discussion is, at minimum, on par to your demonstrated familiarity with the economic terms that have been used in the course of this exchange to describe that situation.

That's okay, no doubt there are plenty of other articles here that are equally susceptible to basic economic analysis, but that don't present the same kind of technology-related gotchas that can expose someone's theory-inspired guesswork for what it truly is (and is not).

Oh, he probably worries that without NAT every hacker in the world will be able to attack his toaster.

IPv6 does not need or want NAT, but firewalls work just as well as they have always done. If you could trust your NAT router to not forward hostile packets addressed to port 5518 (the last port your toaster used) to the toaster, then you can trust the IPv6 router to not forward hostile packets addressed to 2001:1234:4567::33.

You see, I was being intentionally nonresponsive, in order to gauge whether your grasp of the technical particulars of the situation under discussion is, at minimum, on par to your demonstrated familiarity with the economic terms that have been used in the course of this exchange to describe that situation.

That's okay, no doubt there are plenty of other articles here that are equally susceptible to basic economic analysis, but that don't present the same kind of technology-related gotchas that can expose someone's theory-inspired guesswork for what it truly is (and is not).

Your rudeness is uncalled for. I know what you were driving at, but again, it is not responsive to my point. You seem to believe that there is some kind of "gotcha" but for all your sarcasm have not taken the trouble to spell out exactly what you believe it is. Assuming for the sake of discussion that you have to have a pool of IPv4 addresses to offer IPv6 internet service (an assumption I would challenge, incidentally; IPv4 is not actually a dependency for IPv6), it does nothing to change the economic analysis. IPv4 has value due to scarcity; IPv6 is a substitute good with less scarcity. BUT - the IPv4 value can only be maintained collectively while the IPv6 profit is realized individually. Thus ISPs would rationally cannibalize the value of their *own* IPv4 addresses to realize the profit on IPv6 because they believe that if they don't then somebody else will, and then it will be too late and the surplus value of the IPv6 service will be gone AND the value of the IPv4 service will be gone too.

Note that in all the *relevant* ways this is the same as oil. Oil pumped out of the ground is scarce; oil in the ground is less scarce. You might imagine, then, that oil pumpers would simply collude to not pump much oil, thus increasing the scarcity of extracted oil and driving up the price. In practice, this tends not to work very well, because the value of extracted oil is maintained by collective action, but any individual pumper can exploit that high value by cheating the cartel and pumping more oil, and that profit is accrued individually. This is extra bad for those that didn't cheat, because not only did the cheater reduce the value of extracted oil, but he took all of the profit and is in a stronger position from doing so. So, each of them will be determined not to be the sucker who doesn't cheat, and in the end, everyone ends up cheating.

Oh, he probably worries that without NAT every hacker in the world will be able to attack his toaster.

IPv6 does not need or want NAT, but firewalls work just as well as they have always done. If you could trust your NAT router to not forward hostile packets addressed to port 5518 (the last port your toaster used) to the toaster, then you can trust the IPv6 router to not forward hostile packets addressed to 2001:1234:4567::33.

There are some compelling reasons to want NAT that have nothing to do with security, one of which is to make migrations easier. Let's say I'm a medium sized company with around 100 branch offices that all connect to the corporate headquarters over a private WAN and all internet connectivity goes through the central office. I get a /48 IPv6 block from my provider (let's say AT&T) and go through considerable effort to divide it up among the branch offices and assign an IPv6 address to every device on my network. Then two years later, I want to switch from AT&T to Verizon, but I can't take my AT&T addresses with me - I have to use IPs provided by Verizon. I would then have to re-address every single device on my network before I could make that switch.

Or let's say I go to ARIN and get my own provider-independent addresses so I can move them freely between AT&T and Verizon. I still run into the same problem if I want to use them across RIR boundaries. What if I have several offices in South America that were getting to the internet through our headquarters in the US, but now I want to give them their own internet connection through our office in Rio. I now have to get another set of IPv6 addresses from LACNIC and re-address all of my South American offices to make that happen.

For anything larger than a small office, re-addressing the entire company network (and keeping all the pieces communicating with each other during the transition) is a LOT of hard work. Anyone who thinks autoconfiguration is going to magically make it easy is living in a fantasy world. NAT would make these kinds of transitions much easier, even if it was just a stateless 1-for-1 NAT of IPv6 addresses. It would allow you to quickly switch over your external connectivity, while giving you time to re-address your internal network at your own pace.

Timothy B. Lee / Timothy covers tech policy for Ars, with a particular focus on patent and copyright law, privacy, free speech, and open government. His writing has appeared in Slate, Reason, Wired, and the New York Times.